This question already has answers here:
How can I troubleshoot my Perl CGI script?
(8 answers)
Unable to connect to Postgres via PHP but can connect from command line and PgAdmin on different machine
(1 answer)
Closed 5 years ago.
I have to configure Apache + Perl + PostgreSQL on CentOS 7 which kernel's version is 3.10.0-514.el7.x86-64.
Because the server I have to configure is separated from WAN, I downloaded Everything ISO image.
First, I installed CentOS in Minimal Install, using Everything ISO, not connecting to the Internet.
In this clean status, I mounted CD-ROM.
# mount /dev/cdrom /media/cdrom
then, I installed lynx and wget.
# yum --disable-repo=\* --enable-repo=c7-media install lynx wget
It was successful.
and I installed Perl.
# yum --disable-repo=\* --enable-repo=c7-media install perl
It was also successful.
and I intalled Apache.
# yum --disable-repo=\* --enable-repo=c7-media install httpd
It was also successful.
and I modified httpd.conf like this:
<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI
AddHandler cgi-script .pl .cgi
Require all granted < /Directory >
and I wrote a test page(chmod a+x applied) and it works well.
However, the problem is Postgre SQL.
I installed it by entering
# yum --disable-repo=\* --enable-repo=c7-media install postgresql postgresql-server postgresql-contrib postgres-devel
# yum --disable-repo=\* --enable-repo=c7-media install perl-DBD-Pg
and I initialized by entering
# postgresql-setup initdb
and started the daemon.
# service postgresql start
and set a password the account of 'postgres' on unix
# passwd postgres
and set the same password of the account 'postgres' on PSQL
# psql --username=postgres
POSTGRES # alter user postgres encrypted password '1234asdf';
and set the authorization method to MD5 in /var/lib/pgsql/data/pg_hba.conf
local all all trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
I restarted the daemon.
** Now, I wrote an example:
#!/usr/bin/perl
use DBI;
use strict;
my $driver = "Pg";
my $database = "postgres";
my $host="127.0.0.1";
my $connstr = "DBI:$driver:dbname=$database;host=$host";
my $userid = "postgres";
my $userpw = "1234asdf";
my $dbconn = DBI->connect($constr, $userid, $userpw, { RaiseError => 1 }) or die $DBI::errstr;
print "Content-type: text/html\n\n";
print disconnect();
When I run on terminal(eg. # ./foo.cgi), it works without any error.
HOWEVER When I run on the browser, It shows HTTP 403 Error.
error_log is below::
[Fri Aug 04 02:10:27.471889 2017] [cgi:error] [pid 2231] [client 127.0.0.1:48724] AH01215: DBI connect('dbname=postgres;host=127.0.0.1;','postgres',...) failed: could not connect to server: Permission denied
[Fri Aug 04 02:10:27.471959 2017] [cgi:error] [pid 2231] [client 127.0.0.1:48724] AH01215: \tIs the server running on host "127.0.0.1" and accepting
[Fri Aug 04 02:10:27.471975 2017] [cgi:error] [pid 2231] [client 127.0.0.1:48724] AH01215: \tTCP/IP connections on port 5432? at /var/www/cgi-bin/cc.cgi line 14.
What can I do for this situation? I'm in trouble for several days...
Related
Environment:-
Ubuntu 20.04.4 LTS
$ apache2 -version
Server version: Apache/2.4.53 (Ubuntu)
Server built: 2022-03-14T15:01:21
Problem:-
Everything was working fine, Suddenly started getting below errors on browser when i access http://160.55.56.28/artifacts and terminal.
Forbidden
You don't have permission to access this resource.
Apache/2.4.53 (Ubuntu) Server at 160.55.56.28 Port 8080
$ curl http://localhost/artifacts
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.53 (Ubuntu) Server at 160.55.56.28 Port 8080</address>
$ sudo tail -f /var/log/apache2/error.log
[Thu Nov 10 09:11:46.009901 2022] [core:error] [pid 517203:tid 139940436375296] [client 160.55.56.28:44400] AH00037: Symbolic link not allowed or link target not accessible: /var/www/html/artifacts
[Thu Nov 10 09:11:46.721754 2022] [core:error] [pid 517203:tid 139940302157568] [client 160.55.56.28:44404] AH00037: Symbolic link not allowed or link target not accessible: /var/www/html/artifacts
[Thu Nov 10 09:11:46.886521 2022] [core:error] [pid 517203:tid 139940419589888] [client 160.55.56.28:44406] AH00037: Symbolic link not allowed or link target not accessible: /var/www/html/artifacts
In /etc/apache2/apache2.conf have below.
<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
$ ls -lsa /var/www/html/artifacts
0 lrwxrwxrwx 1 admin admin 55 Nov 10 09:03 /var/www/html/artifacts -> /home/admin/.mits/packages/releases
Already executed chown -R admin:admin /var/www/ and chown -R admin:admin /home/admin/.mits/packages/releases, Post service restart still same problem persisting.
Please suggest me possible solution. Thanks!
The following helped to solve my problem.
$ sudo chmod -R +x /home/admin/
$ sudo service apache2 stop
$ sudo service apache2 start
I followed the guide on https://blog.ssdnodes.com/blog/installing-nextcloud-docker/ and got the docker containers running.
I changed the port mappings of nextcloud-proxy to 7443:443, 780:80, since my server already has an apache running.
When I open the page foo.bar.com:7443, it shows me a server error 500 page by nginx.
docker logs --details nextcloud-proxy only shows me, that the error-500-page was successfully delivered.
docker logs --details nextcloud-app does not show any errors regarding the request. It only shows some messages during startup:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.5. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.5. Set the 'ServerName' directive globally to suppress this message
[Mon Mar 04 19:23:01.413561 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.25 (Debian) PHP/7.2.15 configured -- resuming normal operations
[Mon Mar 04 19:23:01.413653 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
It is pretty clear, that there is an error with apache or php (both should be logged by nextcloud-app). But I need to see the error log entries. How do I do this?
Logs are redirected to nextcloud's data folder.
From your nextcloud's root, try with:
$ tail nextcloud/data/nextcloud.log
(or the folder you set for data storage).
It's even better if you run the nextcloud with this switch to mount it to a folder on your host, edit config/config.php to have finer-grained logs through setting loglevel, the run tail -f data/nextcloud.logs
docker run -v ~/Projects/nextcloud:/var/www/html -d -p 8080:80 nextcloud
<?php
$CONFIG = array (
'htaccess.RewriteBase' => '/',
...
...
...
'loglevel' => 0,
);
Restart the docker image by running docker restart YOUR_INSTNANCE_ID
Then docker exec -it YOUR_INSTNANCE_ID bash -c "tail -f /var/www/html/data/nextcloud.log"
In my case, it helped to configure Nextcloud to use stdout instead of a dedicated logfile for its logging output.
This allows you to see all the logs instead of just the php fpm output in the if you execute docker logs <yourcontainerid> or view it in Portainer or some other management software.
Just add the following to your config.php
"logfile" => "/dev/stdout",
I am using LAMP server on a raspberry pi and my apache server has stopped displaying the website (page).
I have already tried restarting the server and my whole Pi
it is a rasperry pi 3 and the apache version is 2.0 the other components of the lamp server are working
I entered this command in terminal
sudo apache2
and it gave me this:
[Sun Dec 23 10:38:11.948939 2018] [core:warn] [pid 2061] AH00111: Config variable ${APACHE_RUN_DIR} is not defined
apache2: Syntax error on line 80 of /etc/apache2/apache2.conf: DefaultRuntimeDir must be a valid directory, absolute or relative to ServerRoot
You must launch it with its service, not directly with its executable.
sudo systemctl start apache2
I am trying to configure Apache httpd.conf (on my CentOS 6.4) to allow access to my user directory (i.e. ~me/public_html/index.html).
I changed the original httpd.conf (i.e. out-of-the-box) as follows:
[root#myhost www]# diff /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.orig.out-of-the-box
366c366
< #UserDir disabled
---
> UserDir disabled
373c373
< UserDir public_html
---
> #UserDir public_html
This should in principle provide access to http://myhost/~me but instead, I am getting the dreaded error:
You don't have permission to access /~me on this server.
I checked the file /var/log/httpd/error_log and, sure enough, it reads:
(13)Permission denied: access to /~me denied
The first weird thing I noticed is that a / is prepended to ~me.
Where does that leading / come from?
Is it only a "red herring"?
Or is this pointing to the root cause of the problem (i.e. something else I need to modify in httpd.conf)?
Most importantly, since I know that my ~me/public_html is has world-readable permissions, how do I troubleshoot a problem like this?
Is there a way to find out why "access to /~me denied"?
SELinux?
httpd.conf?
directory permissions?
all of the above?
Update 1, answering the 2 questions in the comments by #UlrichSchwarz below:
The home directory does seem to have the 'x' permission:
[root#myhost ~]# ls -lad /home/me
drwxr-xr-x. 33 me me 4096 Feb 8 16:30 /home/me
SELinux info on public_html:
[root#myhost ~]# ls -Z -d /home/me/public_html/
drwxrwxr-x. me me unconfined_u:object_r:file_t:s0 /home/me/public_html/
Update 2, after I verified that this is indeed an SELinux issue (thanks to the tip by #Scolytus):
I ran the command:
chcon -R -t httpd_user_content_t /home/me/public_html/
Still no go.
[root#myhost ~]# ls -Z -d /home/me/public_html/
drwxrwxr-x. me me unconfined_u:object_r:httpd_user_content_t:s0 /home/me/public_html/
Then I ran "Allow HTTPD to read home directories" from the command line:
setsebool -P httpd_enable_homedirs=1
Still no go.
/var/log/httpd/error_log now shows (in addition to the (13)permission denied error) the following:
[notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done
[notice] Apache/2.2.15 (Unix) DAV/2 configured -- resuming normal operations
Perhaps the problem lies in the discrepancy between context_system_u and httpd_user_content_t?
What else do I need to do? (without disabling SELinux completely, that is)
Update 3, thanks to information in #lserni's answer, I discovered the ausearch command:
ausearch -m avc --start today
Which provided the following output:
time->Fri Jul 4 09:16:44 2014
type=SYSCALL msg=audit(1404479804.256:1312): arch=40000003 syscall=196 success=no exit=-13 a0=12c2c80 a1=bfeb1d00 a2=a34ff4 a3=2008171 items=0 ppid=5880 pid=5886 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=193 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1404479804.256:1312): avc: denied { getattr } for pid=5886 comm="httpd" path="/home/me" dev=dm-3 ino=2 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Huh? Why /home/me and not /home/me/public_html?
Here is the output of ls -Zd /home/me/:
drwxr-xr-x. me me system_u:object_r:file_t:s0 /home/me/
Should I run the chcon -t httpd_user_content_t on /home/me, too?
Continuing to research...
Update 4: Success!
I ran the command:
chcon -t httpd_user_content_t /home/me/
And all is well now.
[root#myhost sa]# ls -Z -d /home/me/
drwxr-xr-x. me me system_u:object_r:httpd_user_content_t:s0 /home/me/
I've seen a slightly different version of the command you gave, supplied by sealert:
SELinux denied access to /var/www/html/file1 requested by httpd.
/var/www/html/file1 has a context used for sharing by different
program. If you would like to share /var/www/html/file1 from httpd
also, you need to change its file context to public_content_t. If
you did not intend to this access, this could signal a intrusion
attempt.
Allowing Access:
You can alter the file context by executing chcon -t public_content_t
'/var/www/html/file1'
Fix Command:
chcon -t public_content_t '/var/www/html/file1'
how do I troubleshoot a problem like this?
Most SELinux-related information is generally in the auditd logs, but you probably want some tool such as sealert to decode it for you. I've done a brief search and came up with this tool that I didn't know of, but seems interesting: SELinux GUI.
Addendum: Some examples with semanage
I can't check immediately, but I recall that commenting out the UserDir disabled isn't the same as enabling!
More specifically, I think you need to include a line in your https.conf file
Userdir enabled me
The issue
Now, I am a complete n00b on Apache, and I could certainly use some help with my current issue. I have installed the httpd rpm's on 3 different systems (all Advantech computers, 1 Box PC, 1 Advanced TCA blade, 1 Compact PCI blade, and all have RHEL6 installed). I have configured Apache with files used earlier, on other installations. When I issue the command
# service httpd restart
All goes well and I get this output:
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for <PC_Name>
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
Now, when I try to connect to the machine via Apache, I get the log-in screen asking for the username and password, as you would expect. However, it fails to log-in. When I look at the error_log in /var/log/httpd/, it shows this error message:
[Thu Sep 15 14:24:40 2011] [error] [client 192.168.10.175] (13)Permission denied: Could not open password file: /etc/shadow
[Thu Sep 15 14:24:40 2011] [error] [client 192.168.10.175] PAM: user 'root' - not authenticated: System error
It seems to me that this is either a configuration error, or it has something to do with permissions. Yet I can't seem to find out which. Another interesting fact is, that this only applies to the last two installations(Advanced TCA & Compact PCI), and not the first (Box PC), while all 3 installations are exactly the same.
Additional Info
The way I installed it was install httpd from yum,
# yum install httpd
Next install mod_auth_pam, which is needed by the configuration,
# yum install mod_auth_pam
Then I configured Apache with the files I got from previous installations (which basically is just replacing the configuration files from the standard Apache install), and after that I restarted the Apache service.
For this error "apr_sockaddr_info_get() failed"
You need to properly set your hostname.
hostname actual-non-expired-domain-name.com
Don't forget to set the name in your httpd.conf and in /etc/hosts as well.
I have been able to solve this by setting SELinux to allow Apache requests. This is done by issuing the following command:
semanage permissive -a http_t
Semanage is a utility from the policycoreutils-python package. This should come with the installation medium.